Squirrelmail CVEs and Security Vulnerabilities

Filtered by vendor Squirrelmail Subscriptions

Search

Switch to Advanced Search (Beta)

Total 77 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2006-3174	1 Squirrelmail	1 Squirrelmail	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
CVE-2005-0183	1 Squirrelmail	1 Vacation Plugin	2025-04-03	N/A
ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument.
CVE-2005-0104	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
CVE-2005-0152	1 Squirrelmail	1 Squirrelmail	2025-04-03	N/A
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
CVE-2005-0184	1 Squirrelmail	1 Vacation Plugin	2025-04-03	N/A
Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request.
CVE-2005-0239	1 Squirrelmail	1 S Mime Plugin	2025-04-03	N/A
viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter.
CVE-2004-1036	3 Gentoo, Redhat, Squirrelmail	3 Linux, Enterprise Linux, Squirrelmail	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
CVE-2002-1649	1 Squirrelmail	1 Squirrelmail	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.
CVE-2002-1650	1 Squirrelmail	1 Squirrelmail	2025-04-03	N/A
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
CVE-2004-0521	3 Redhat, Sgi, Squirrelmail	3 Enterprise Linux, Propack, Squirrelmail	2025-04-03	N/A
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
CVE-2005-0103	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2025-04-03	N/A
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
CVE-2003-0160	2 Redhat, Squirrelmail	2 Linux, Squirrelmail	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.
CVE-2006-0188	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2025-04-03	N/A
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.
CVE-2006-0195	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2025-04-03	N/A
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/" and "/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
CVE-2005-1769	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2025-04-03	N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
CVE-2006-0377	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2025-04-03	N/A
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
CVE-2005-0075	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2025-04-03	N/A
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.
CVE-2006-3665	1 Squirrelmail	1 Squirrelmail	2025-04-03	N/A
SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this.
CVE-2003-0990	1 Squirrelmail	2 Gpg Plugin, Squirrelmail	2025-04-03	N/A
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
CVE-2002-1341	2 Redhat, Squirrelmail	2 Linux, Squirrelmail	2025-04-03	N/A
Cross-site scripting (XSS) vulnerability in read_body.php for SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to insert script and HTML via the (1) mailbox and (2) passed_id parameters.

« first previous Page 3 of 4. next last »